Moral Hazards in Cyber Vulnerability Markets

Hoffman, Alex

doi:10.1109/mc.2019.2936635

Cited by 4 publications

(2 citation statements)

References 6 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Bug bounty programs typically follow a crowdsourcing model in which there is an open call for people to anonymously test software [3]. However, bug bounty programs can be further improved by focusing on strategies that enhance their effectiveness [1].…”

Section: A General Bug Bounty Program (Bbp) Effectiveness and Designmentioning

confidence: 99%

“…In parallel, bug bounty programs have become a crucial component of cybersecurity, leveraging the collective global expertise of security researchers to identify and mitigate threats and provide incentives for their discoveries [2]. These programs also raise substantial ethical questions related to the monetization of cybersecurity vulnerabilities, necessitating an analysis of the associated moral implications [3]. Additionally, this study explored the characteristics of security bugs, which are critical for establishing a robust vulnerability management framework [4].…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Optimizing Bug Bounty Programs for Efficient Malware-Related Vulnerability Discovery

Yulianto,

Soewito,

Gaol

et al. 2024

IJACSA

View full text Add to dashboard Cite

Conventional security measures struggle to keep pace with the rapidly evolving threat of malware, which demands novel approaches for vulnerability discovery. Although Bug Bounty Programs (BBPs) are promising, they often underperform in attracting researchers, particularly in uncovering malware-related vulnerabilities. This study optimizes BBP structures to maximize engagement and target malware vulnerability discovery, ultimately strengthening cyber defense. Employing a mixed-methods approach, we compared public and private BBPs and analyzed the key factors influencing researcher participation and the types of vulnerabilities discovered. Our findings reveal a blueprint for effective malware-focused BBPs that enable targeted detection, faster patching, and broader software coverage. This empowers researchers and fosters collaboration within the cybersecurity community, significantly reducing the attack surface for malicious actors. However, challenges related to resource sustainability and legal complexity persist. By optimizing BBPs, we unlocked a powerful tool to fight cybercrime.

show abstract

Section: A General Bug Bounty Program (Bbp) Effectiveness and Designmentioning

confidence: 99%